{"affected":[{"ecosystem_specific":{"binaries":[{"libnss_slurm2_22_05":"22.05.11-150200.5.9.1","libpmi0_22_05":"22.05.11-150200.5.9.1","libslurm38":"22.05.11-150200.5.9.1","perl-slurm_22_05":"22.05.11-150200.5.9.1","slurm_22_05":"22.05.11-150200.5.9.1","slurm_22_05-auth-none":"22.05.11-150200.5.9.1","slurm_22_05-config":"22.05.11-150200.5.9.1","slurm_22_05-config-man":"22.05.11-150200.5.9.1","slurm_22_05-devel":"22.05.11-150200.5.9.1","slurm_22_05-doc":"22.05.11-150200.5.9.1","slurm_22_05-lua":"22.05.11-150200.5.9.1","slurm_22_05-munge":"22.05.11-150200.5.9.1","slurm_22_05-node":"22.05.11-150200.5.9.1","slurm_22_05-pam_slurm":"22.05.11-150200.5.9.1","slurm_22_05-plugins":"22.05.11-150200.5.9.1","slurm_22_05-rest":"22.05.11-150200.5.9.1","slurm_22_05-slurmdbd":"22.05.11-150200.5.9.1","slurm_22_05-sql":"22.05.11-150200.5.9.1","slurm_22_05-sview":"22.05.11-150200.5.9.1","slurm_22_05-torque":"22.05.11-150200.5.9.1","slurm_22_05-webdoc":"22.05.11-150200.5.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS","name":"slurm_22_05","purl":"pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"22.05.11-150200.5.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for slurm_22_05 fixes the following issues:\n\nUpdate to slurm 22.05.11:\n\nSecurity fixes:\n\n- CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046)\n- CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050)\n- CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051)\n- CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053)\n\nOther fixes:\n\n- Add missing service file for slurmrestd (bsc#1217711).\n- Fix slurm upgrading to incompatible versions (bsc#1216869).\n","id":"SUSE-SU-2024:0286-1","modified":"2024-01-31T11:03:28Z","published":"2024-01-31T11:03:28Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20240286-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1216869"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217711"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218046"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218050"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218051"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218053"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49933"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49936"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49937"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49938"}],"related":["CVE-2023-49933","CVE-2023-49936","CVE-2023-49937","CVE-2023-49938"],"summary":"Security update for slurm_22_05","upstream":["CVE-2023-49933","CVE-2023-49936","CVE-2023-49937","CVE-2023-49938"]}